LEGAL NEWSLINE

Monday, November 18, 2024

Phobos ransomware administrator charged after extradition from South Korea

The Justice Department has announced criminal charges against Evgenii Ptitsyn, a 42-year-old Russian national, for his alleged role in administering Phobos ransomware. Ptitsyn was extradited from South Korea and appeared in the U.S. District Court for the District of Maryland on November 4. The ransomware reportedly affected over 1,000 entities globally, extracting more than $16 million in ransom payments.

Deputy Attorney General Lisa Monaco stated, "The Justice Department is committed to leveraging the full range of our international partnerships to combat the threats posed by ransomware like Phobos." She highlighted that Ptitsyn "allegedly extorted millions of dollars" and now faces justice due to global law enforcement collaboration.

Nicole M. Argentieri, Principal Deputy Assistant Attorney General, noted that the indictment claims Ptitsyn and his associates conducted attacks on various organizations worldwide. These included corporations, schools, hospitals, and nonprofits. Argentieri emphasized the importance of international cooperation in tackling such cyber threats.

U.S. Attorney Erek L. Barron remarked on the inevitability of cybercriminals being caught: "According to the indictment, Ptitsyn facilitated the worldwide use of a dangerous ransomware strain." He reaffirmed commitment to prosecuting cybercriminals while working with private and academic sectors to prevent further incidents.

Assistant Director Bryan Vorndran of the FBI’s Cyber Division acknowledged the necessity of strong partnerships: "We know it takes strong partnerships to disrupt cybercriminal networks." He credited these collaborations for enabling Ptitsyn's extradition.

According to the allegations, beginning in at least November 2020, Ptitsyn conspired with others in an international hacking scheme using Phobos ransomware. They allegedly developed and distributed this software through a darknet site and used online aliases such as “derxan” and “zimmermanx” to advertise their services.

Victims' networks were infiltrated using unauthorized credentials, data was encrypted with Phobos ransomware, and ransoms were demanded for decryption keys. After successful attacks, affiliates paid fees to administrators like Ptitsyn via cryptocurrency wallets.

Ptitsyn faces a 13-count indictment including wire fraud conspiracy and computer fraud charges. If convicted, he could receive up to 20 years per wire fraud count among other penalties.

The FBI Baltimore Field Office is investigating the case with support from international partners in several countries, including South Korea and European nations, alongside Europol. Senior Counsel Aarash A. Haghighat, along with Assistant U.S. Attorneys Aaron S.J. Zelinsky and Thomas M. Sullivan, is leading the prosecution.

Resources on safeguarding against Phobos ransomware can be found at StopRansomware.gov.

An indictment is merely an allegation, and a defendant is presumed innocent until proven guilty beyond a reasonable doubt in court.